In page localhost/index.php?c=main&a=index, the Get function can change the function used in PHP, the user/attacker can modify the parament and add the script which will be shown without filtering. They can use the script to steal the cookie or some things worse
Environment installed from verydows-master
In page localhost/index.php?c=main&a=index, the Get function can change the function used in PHP, the user/attacker can modify the parament and add the script which will be shown without filtering. They can use the script to steal the cookie or some things worse
Payload used: <script>alert(document.cookie)</script>
Affected URL: http://localhost/index.php?c=main&a=index%3Cscript%3Ealert(document.cookie)%3C/script%3E
Navigate to the Affected URL, Payload would be triggered.
Payload used -
<script>alert(document.cookie);</script>The text was updated successfully, but these errors were encountered: